While this was produced independently of Dirk Balfanz’s JSON token proposal, both of us agree that we should come up with a unified spec. Consider this draft an additional point in the possible design space from which to start discussions and drive consensus. (If you read the two proposals, I think you’ll find that there’s already a lot in common, which is great.)

By the way, the draft suggests that the acronym JWT be pronounced like the English word “jot”.

I’d love to hear your feedback.

====

NOTE: This specification version has been superseded by draft-ietf-oauth-json-web-token. Do not use this version other than for historical reference purposes.